A friend of mine was trying to do this exact same thing for his senior project in college and was unable to get any feedback from security sites because, as you probably know, the question comes off as suspicious activity that most people will not help with.

He ended up getting one of his programming buddies to write some sample code for him so he at least had a small demonstration.

It appeared to me that you were looking for something along the lines of this: a program that uses a USB key to infect a computer and install keylogger and rootkit technologies. The hacksaw program basically podslurps everything off of USB and external drives. In addition, even if a USB stick is U3, an administrator can disable autorun via group policy to prevent attacks such as these.

Your original post said:

Quote:

Is anybody aware of any downloadable images preconfigured so after plugging in, a keylogger, backdoor, ... or other things are automatically installed (ex: connect to IRC botnet channel) ?

I interpret this as, "after plugging in a USB drive, a keylogger or backdoor will be installed on the host PC." Please correct me if I am wrong.

Q: What must I do to trigger Autorun on my USB storage device?
The Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. If you need to make a USB storage device perform Autorun, the device must not be marked as a removable media device and the device must contain an Autorun.inf file and a startup application.

The removable media device setting is a flag contained within the SCSI Inquiry Data response to the SCSI Inquiry command. Bit 7 of byte 1 (indexed from 0) is the Removable Media Bit (RMB). An RMB set to zero indicates that the device is not a removable media device. An RMB of one indicates that the device is a removable media device. Drivers obtain this information by using the StorageDeviceProperty request.

Autorun USB might do the trick for you, but I have not used nor tested it. You may need to do some research on getting USB to appear as non-removable.

2. That autorun functionality has not been disabled - If you are a smart sysadmin, this should be done by default via GPO.

3. That the installed antivirus software will not automatically detect the trojan/malware.

After the above prerequisites have been met, you should be able to tweak just about any keylogger or trojan to run. Is there a corporate version that does this? I have not seen any, and in my opinion, there is good reason for this, especially with the amount of data theft that has been going on as of late.

Edit: By the way, in the social engineering attack, Autorun was *not* used. The bank employees merely clicked on executables that were marked as picture.jpeg.exe (with the exe extensions being hidden by default within Windows).
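For administrators checking the group-policy point made in the post, the sketch below is an added example (not code from the original post or from Microsoft). It decodes the RMB from SCSI Inquiry data as the FAQ describes and tests whether an Autorun policy mask covers the drive type the device would report. It assumes the policy is stored in the Explorer value `NoDriveTypeAutoRun`; the inquiry bytes, the sample masks, and the simplified drive-class mapping are constructed for illustration.

```python
# Added example with constructed inputs; not code from the original post.
# NoDriveTypeAutoRun bits: a set bit disables Autorun for that drive type.
DRIVE_TYPE_BITS = {"removable": 0x04, "fixed": 0x08, "network": 0x10,
                   "cdrom": 0x20, "ramdisk": 0x40}

def parse_inquiry(data: bytes) -> dict:
    """Decode the two standard INQUIRY fields relevant to Autorun."""
    if len(data) < 2:
        raise ValueError("INQUIRY data must be at least 2 bytes")
    return {
        "device_type": data[0] & 0x1F,  # byte 0, bits 4..0: peripheral device type
        "rmb": bool(data[1] & 0x80),    # byte 1, bit 7: Removable Media Bit
    }

def drive_class(inq: dict) -> str:
    """Assumed, simplified mapping from INQUIRY fields to a drive type."""
    if inq["device_type"] == 0x05:      # CD/DVD device
        return "cdrom"
    return "removable" if inq["rmb"] else "fixed"

def audit(policy: int, inquiry: bytes) -> dict:
    """Report whether the policy mask disables Autorun for this device."""
    inq = parse_inquiry(inquiry)
    cls = drive_class(inq)
    return {"class": cls, "rmb": inq["rmb"],
            "policy_disables": bool(policy & DRIVE_TYPE_BITS[cls])}

def uncovered_types(policy: int) -> list:
    """Drive types for which the mask leaves Autorun enabled."""
    return sorted(n for n, bit in DRIVE_TYPE_BITS.items() if not policy & bit)

# Constructed samples: first two bytes of INQUIRY data for three devices.
SAMPLES = {
    "flash drive, RMB=1": bytes([0x00, 0x80]),
    "disk reporting RMB=0": bytes([0x00, 0x00]),
    "CD-ROM class device": bytes([0x05, 0x80]),
}

if __name__ == "__main__":
    for policy in (0x95, 0xFF):         # constructed sample policy masks
        print(f"policy 0x{policy:02X} leaves enabled: {uncovered_types(policy)}")
        for name, raw in SAMPLES.items():
            print(f"  {name}: {audit(policy, raw)}")
```

A mask that only sets the removable-drive bit still leaves Autorun enabled for the fixed-disk and CD-ROM classes, which are the two classes the FAQ says Autorun applies to; a mask of 0xFF covers every type.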